| 1 |
commit: 996cb21a3c261e9d5617709b05f495284ad5cb66 |
| 2 |
Author: Dan Walsh <dwalsh <AT> redhat <DOT> com> |
| 3 |
AuthorDate: Mon Nov 25 15:09:29 2013 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Nov 30 15:01:49 2013 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=996cb21a |
| 7 |
|
| 8 |
Allow gpg_agent to use ssh-add |
| 9 |
|
| 10 |
--- |
| 11 |
policy/modules/contrib/gpg.te | 5 ++++- |
| 12 |
1 file changed, 4 insertions(+), 1 deletion(-) |
| 13 |
|
| 14 |
diff --git a/policy/modules/contrib/gpg.te b/policy/modules/contrib/gpg.te |
| 15 |
index a8bad37..36c63b3 100644 |
| 16 |
--- a/policy/modules/contrib/gpg.te |
| 17 |
+++ b/policy/modules/contrib/gpg.te |
| 18 |
@@ -210,7 +210,7 @@ tunable_policy(`use_samba_home_dirs',` |
| 19 |
# Agent local policy |
| 20 |
# |
| 21 |
|
| 22 |
-allow gpg_agent_t self:process setrlimit; |
| 23 |
+allow gpg_agent_t self:process { setrlimit signal_perms }; |
| 24 |
allow gpg_agent_t self:unix_stream_socket { create_stream_socket_perms connectto }; |
| 25 |
allow gpg_agent_t self:fifo_file rw_fifo_file_perms; |
| 26 |
|
| 27 |
@@ -229,7 +229,10 @@ filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-so |
| 28 |
domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t) |
| 29 |
|
| 30 |
kernel_dontaudit_search_sysctl(gpg_agent_t) |
| 31 |
+kernel_read_core_if(gpg_agent_t) |
| 32 |
+kernel_read_system_state(gpg_agent_t) |
| 33 |
|
| 34 |
+corecmd_exec_bin(gpg_agent_t) |
| 35 |
corecmd_exec_shell(gpg_agent_t) |
| 36 |
|
| 37 |
dev_read_rand(gpg_agent_t) |
Archives